Amazon Linux 2022 Security Advisory: ALAS-2022-161
Advisory Release Date: 2022-11-01 21:23 Pacific
Advisory Updated Date: 2022-11-03 21:03 Pacific
A flaw was found in the way the perl-CPAN performed verification of package signatures stored in CHECKSUMS files. A malicious or compromised CPAN server used by a user, or a man-in-the-middle attacker, could use this flaw to bypass signature verification. (CVE-2020-16156)
Affected Packages:
perl-CPAN
Issue Correction:
Run dnf update perl-CPAN --releasever=2022.0.20221102 to update your system.
noarch:
perl-CPAN-2.34-1.amzn2022.0.1.noarch
perl-CPAN-tests-2.34-1.amzn2022.0.1.noarch
src:
perl-CPAN-2.34-1.amzn2022.0.1.src